GDPR / Data Protection
At The Upstairs Surgery, we take your privacy and the protection of your personal data seriously. This notice explains how we collect, store, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and NHS guidance.
Who We Are
The Upstairs Surgery is a GP surgery providing primary healthcare services to patients. We are registered with the Information Commissioner’s Office (ICO) and are committed to keeping your data safe.
- Caldicott Guardian: Dr. Francis Oladimeji
- Data Protection Officer (DPO): North East London Integrated Care Board (ICB)
- ICO Registration Number: ZC043268
What Personal Data We Collect
As part of providing medical care, we collect and store personal data about you, including:
- Personal Details (name, address, contact details)
- Medical History (conditions, treatments, test results, allergies)
- Appointment Details (appointments, referrals, prescriptions)
- Communication Records (emails, phone calls)
How We Use Your Data
We collect and process your personal data to provide healthcare services, and this includes:
- Delivering your care and treatment.
- Communicating with you about appointments, results, and prescriptions.
- Administering services (e.g., managing appointments, electronic prescriptions).
- Ensuring that we meet legal and regulatory requirements for healthcare delivery.
We also use certain external services to improve your care and the efficiency of our practice, including:
- Minuteful Kidney (for kidney health management)
- Interface Pharmacy Services (for medication reviews of chronic conditions)
- Secure Forms (for comments, suggestions, and feedback via forms such as FFT and GP Patient Survey).
How We Protect Your Data
We take your privacy seriously and ensure that your personal data is protected by implementing appropriate technical and organisational measures. These include:
- Encryption of personal data stored and transmitted through our systems.
- Secure Forms and HTTPS to protect your personal information when you submit forms on our website.
- Cloudflare for enhanced website security, ensuring safe access to our online services.
- Secure server logs to monitor and protect against unauthorised access.
Our staff is trained in data protection and confidentiality and follows strict policies to safeguard your data.
How We Collect Your Data
We collect personal data when you:
- Register with the practice.
- Book appointments or request services.
- Provide feedback through forms such as the Friends and Family Test (FFT) or the GP Patient Survey.
- Use our online services.
We may also use cookies on our website to improve the user experience and monitor website performance. For more information on cookies, please see our Cookie Policy.
Your Rights Under GDPR
Under the GDPR, you have the following rights:
- The right to access your personal data.
- The right to rectify inaccurate or incomplete data.
- The right to restrict processing of your data in certain situations.
- The right to object to data processing.
- The right to data portability, which allows you to request that your data be transferred to another service provider.
If you wish to exercise any of these rights or have concerns about the information we hold, please contact us using the details below.
Sharing Your Data
We may share your data with:
- Other healthcare providers when necessary for your care (e.g., hospitals, specialists).
- NHS organisations for administrative and regulatory purposes (e.g., audits, quality checks).
- Minuteful Kidney and Interface Pharmacy Services, to assist in delivering services related to your treatment.
We will never sell or rent your data to third parties.
How Long We Keep Your Data
We will retain your personal data for as long as necessary to provide healthcare services or as required by law. For instance, medical records are kept for a minimum of 10 years after the last treatment date in accordance with NHS retention schedules.
Cookies and Website Usage
Our website uses cookies to enhance your user experience. We use Google Analytics to track website usage and improve our online services. We also use cookies through services like Cloudflare to help secure our website.
You can adjust your cookie preferences via your browser settings at any time.
Contact Us
If you have any questions about how we handle your personal data, or if you wish to exercise any of your rights under the GDPR, please contact us at:
The Upstairs Surgery
Address: Chadwell Heath Health Centre, Ashton Gardens, RM6 6RT
Phone Number: 0208 597 1840
Email Address: nelondonicb.upstairs@nhs.net
You can also contact our Data Protection Officer at North East London ICB via their contact details - itservicedesk.nelicb@nhs.net
Complaints
If you are unhappy with how we’ve handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.
ICO Contact Information:
Website: www.ico.org.uk
Phone: 0303 123 1113
Email: casework@ico.org.uk